Lucene search
+L
PacketstormnewsRecent

6907 matches found

Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.3 views

Hunting the Ghost: Towards Automatic Mining of IoT Hidden Services

In this paper, we proposes an automatic firmware analysis tool targeting at finding hidden services that may be potentially harmful to the IoT devices. Our approach uses static analysis and symbolic execution to search and filter services that are transparent to normal users but explicit to...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.5 views

A Novel Zero-Trust Identity Framework for Agentic AI: Decentralized Authentication and Fine-Grained Access Control

Traditional Identity and Access Management IAM systems, primarily designed for human users or static machine identities via protocols such as OAuth, OpenID Connect OIDC, and SAML, prove fundamentally inadequate for the dynamic, interdependent, and often ephemeral nature of AI agents operating at...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.1 views

BPMN to Smart Contract by Business Analyst

This paper addresses the challenge of creating smart contracts for applications represented using Business Process Management and Notation BPMN models. In our prior work we presented a methodology that automates the generation of smart contracts from BPMN models. This approach abstracts the BPMN...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.5 views

Accountable, Scalable and DoS-Resilient Secure Vehicular Communication

Paramount to vehicle safety, broadcasted Cooperative Awareness Messages CAMs and Decentralized Environmental Notification Messages DENMs are pseudonymously authenticated for security and privacy protection, with each node needing to have all incoming messages validated within an expiration...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.8 views

RedisBloom 2.6.12 Integer Overflow

There is an integer overflow vulnerability in RedisBloom version 2.6.12, which is a module used in redis. The integer overflow vulnerability allows an attacker a redis client which knows the password to allocate memory in the heap lesser than the required memory due to wraparound. Then read and...

8.8CVSS7.2AI score0.15009EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.5 views

Domainator: Detecting and Identifying DNS-Tunneling Malware Using Metadata Sequences

In recent years, malware with tunneling or: covert channel capabilities is on the rise. While malware research led to several methods and innovations, the detection and differentiation of malware solely based on its DNS tunneling features is still in its infancy. Moreover, no work so far has used...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.7 views

Chainless Apps: a Modular Framework for Building Apps with Web2 Capability and Web3 Trust

Modern blockchain applications are often constrained by a trade-off between user experience and trust. Chainless Apps present a new paradigm of application architecture that separates execution, trust, bridging, and settlement into distinct compostable layers. This enables app-specific sequencing...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.4 views

CADRE: Customizable Assurance of Data Readiness in Privacy-Preserving Federated Learning

Privacy-Preserving Federated Learning PPFL is a decentralized machine learning approach where multiple clients train a model collaboratively. PPFL preserves privacy and security of the client's data by not exchanging it. However, ensuring that data at each client is of high quality and ready for...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.5 views

Privacy-Preserving Inconsistency Measurement

We investigate a new form of privacy-preserving inconsistency measurement for multi-party communication. Intuitively, for two knowledge bases KA, KB of two agents A, B, our results allow to quantitatively assess the degree of inconsistency for KA U KB without having to reveal the actual contents ...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.6 views

Operationalizing CaMeL: Strengthening LLM Defenses for Enterprise Deployment

CaMeL Capabilities for Machine Learning introduces a capability-based sandbox to mitigate prompt injection attacks in large language model LLM agents. While effective, CaMeL assumes a trusted user prompt, omits side-channel concerns, and incurs performance tradeoffs due to its dual-LLM design. Th...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.7 views

Test-Time Immunization: a Universal Defense Framework against Jailbreaks for (Multimodal) Large Language Models

While multimodal large language models LLMs have attracted widespread attention due to their exceptional capabilities, they remain vulnerable to jailbreak attacks. Various defense methods are proposed to defend against jailbreak attacks, however, they are often tailored to specific types of...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.9 views

Jailbreak Distillation: Renewable Safety Benchmarking

Large language models LLMs are rapidly deployed in critical applications, raising urgent needs for robust safety benchmarking. We propose Jailbreak Distillation JBDistill, a novel benchmark construction framework that "distills" jailbreak attacks into high-quality and easily-updatable safety...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.12 views

WordPress File Away 3.9.9.0.1 Arbitrary File Read

The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...

7.5CVSS5.5AI score0.01606EPSS
Exploits6
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.6 views

Eve File Disclosure / Code Execution

Eve versions prior to 0.7.5 blind remote code execution proof of concept that retrieves files...

9.8CVSS8.1AI score0.05651EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.5 views

Private Rate-Constrained Optimization with Applications to Fair Learning

Many problems in trustworthy ML can be formulated as minimization of the model error under constraints on the prediction rates of the model for suitably-chosen marginals, including most group fairness constraints demographic parity, equality of odds, etc.. In this work, we study such constrained...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.3 views

A Comparative Study of Fuzzers and Static Analysis Tools for Finding Memory Unsafety in C and C++

Even today, over 70% of security vulnerabilities in critical software systems result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing generates random program inputs to identify faults...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.7 views

Transformers for Secure Hardware Systems: Applications, Challenges, and Outlook

The rise of hardware-level security threats, such as side-channel attacks, hardware Trojans, and firmware vulnerabilities, demands advanced detection mechanisms that are more intelligent and adaptive. Traditional methods often fall short in addressing the complexity and evasiveness of modern...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.47 views

Spa-VLM: Stealthy Poisoning Attacks on RAG-Based VLM

With the rapid development of the Vision-Language Model VLM, significant progress has been made in Visual Question Answering VQA tasks. However, existing VLM often generate inaccurate answers due to a lack of up-to-date knowledge. To address this issue, recent research has introduced...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.2 views

Breaking the Ceiling: Exploring the Potential of Jailbreak Attacks through Expanding Strategy Space

Large Language Models LLMs, despite advanced general capabilities, still suffer from numerous safety risks, especially jailbreak attacks that bypass safety protocols. Understanding these vulnerabilities through black-box jailbreak attacks, which better reflect real-world scenarios, offers critica...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.7 views

SimProcess: High Fidelity Simulation of Noisy ICS Physical Processes

Industrial Control Systems ICS manage critical infrastructures like power grids and water treatment plants. Cyberattacks on ICSs can disrupt operations, causing severe economic, environmental, and safety issues. For example, undetected pollution in a water plant can put the lives of thousands at...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.11 views

Security Benefits and Side Effects of Labeling AI-Generated Images

Generative artificial intelligence is developing rapidly, impacting humans' interaction with information and digital media. It is increasingly used to create deceptively realistic misinformation, so lawmakers have imposed regulations requiring the disclosure of AI-generated content. However, only...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.5 views

Enhancing JavaScript Malware Detection through Weighted Behavioral DFAs

This work addresses JavaScript malware detection to enhance client-side web application security with a behavior-based system. The ability to detect malicious JavaScript execution sequences is a critical problem in modern web security as attack techniques become more sophisticated. This study...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

Cryptography from Lossy Reductions: Towards OWFs from ETH, and Beyond

One-way functions OWFs form the foundation of modern cryptography, yet their unconditional existence remains a major open question. In this work, we study this question by exploring its relation to lossy reductions, i.e., reductions$R$ for which it holds that $IX;RX \ll n$ for all distributions$X...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

Preventing Adversarial AI Attacks against Autonomous Situational Awareness: a Maritime Case Study

Adversarial artificial intelligence AI attacks pose a significant threat to autonomous transportation, such as maritime vessels, that rely on AI components. Malicious actors can exploit these systems to deceive and manipulate AI-driven operations. This paper addresses three critical research...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.7 views

Watermarking without Standards Is Not AI Governance

Watermarking has emerged as a leading technical proposal for attributing generative AI content and is increasingly cited in global governance frameworks. This paper argues that current implementations risk serving as symbolic compliance rather than delivering effective oversight. We identify a...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

VideoMarkBench: Benchmarking Robustness of Video Watermarking

The rapid development of video generative models has led to a surge in highly realistic synthetic videos, raising ethical concerns related to disinformation and copyright infringement. Recently, video watermarking has been proposed as a mitigation strategy by embedding invisible marks into...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

Red-Teaming Text-To-Image Systems by Rule-Based Preference Modeling

Text-to-image T2I models raise ethical and safety concerns due to their potential to generate inappropriate or harmful images. Evaluating these models' security through red-teaming is vital, yet white-box approaches are limited by their need for internal access, complicating their use with...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

DP-RTFL: Differentially Private Resilient Temporal Federated Learning for Trustworthy AI in Regulated Industries

Federated Learning FL has emerged as a critical paradigm for enabling privacy-preserving machine learning, particularly in regulated sectors such as finance and healthcare. However, standard FL strategies often encounter significant operational challenges related to fault tolerance, system...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.8 views

A Joint Reconstruction-Triplet Loss Autoencoder Approach Towards Unseen Attack Detection in IoV Networks

Internet of Vehicles IoV systems, while offering significant advancements in transportation efficiency and safety, introduce substantial security vulnerabilities due to their highly interconnected nature. These dynamic systems produce massive amounts of data between vehicles, infrastructure, and...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.4 views

Lazarus Group Targets Crypto-Wallets and Financial Data While Employing New Tradecrafts

This report presents a comprehensive analysis of a malicious software sample, detailing its architecture, behavioral characteristics, and underlying intent. Through static and dynamic examination, the malware core functionalities, including persistence mechanisms, command-and-control communicatio...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

PrivATE: Differentially Private Confidence Intervals for Average Treatment Effects

The average treatment effect ATE is widely used to evaluate the effectiveness of drugs and other medical interventions. In safety-critical applications like medicine, reliable inferences about the ATE typically require valid uncertainty quantification, such as through confidence intervals CIs...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

ColorGo: Directed Concolic Execution

Whitepaper called ColorGo: Directed Concolic Execution...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.7 views

BLACKOUT: Data-Oblivious Computation with Blinded Capabilities

Lack of memory-safety and exposure to side channels are two prominent, persistent challenges for the secure implementation of software. Memory-safe programming languages promise to significantly reduce the prevalence of memory-safety bugs, but make it more difficult to implement...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.21 views

M3S-UPD: Efficient Multi-Stage Self-Supervised Learning for Fine-Grained Encrypted Traffic Classification with Unknown Pattern Discovery

The growing complexity of encrypted network traffic presents dual challenges for modern network management: accurate multiclass classification of known applications and reliable detection of unknown traffic patterns. Although deep learning models show promise in controlled environments, their...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.5 views

Towards a DSL for Hybrid Secure Computation

Fully homomorphic encryption FHE and trusted execution environments TEE are two approaches to provide confidentiality during data processing. Each approach has its own strengths and weaknesses. In certain scenarios, computations can be carried out in a hybrid environment, using both FHE and TEE...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.5 views

Unveiling Impact of Frequency Components on Membership Inference Attacks for Diffusion Models

Diffusion models have achieved tremendous success in image generation, but they also raise significant concerns regarding privacy and copyright issues. Membership Inference Attacks MIAs are designed to ascertain whether specific data were utilized during a model's training phase. As current MIAs...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.19 views

JavaSith: a Client-Side Framework for Analyzing Potentially Malicious Extensions in Browsers, VS Code, and NPM Packages

Modern software supply chains face an increasing threat from malicious code hidden in trusted components such as browser extensions, IDE extensions, and open-source packages. This paper introduces JavaSith, a novel client-side framework for analyzing potentially malicious extensions in web...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.4 views

SHE-LoRA: Selective Homomorphic Encryption for Federated Tuning with Heterogeneous LoRA

Federated fine-tuning of large language models LLMs is critical for improving their performance in handling domain-specific tasks. However, prior work has shown that clients' private data can actually be recovered via gradient inversion attacks. Existing privacy preservation techniques against su...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.4 views

Transformers in Protein: a Survey

As protein informatics advances rapidly, the demand for enhanced predictive accuracy, structural analysis, and functional understanding has intensified. Transformer models, as powerful deep learning architectures, have demonstrated unprecedented potential in addressing diverse challenges across...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.5 views

TrojanStego: Your Language Model Can Secretly Be a Steganographic Privacy Leaking Agent

As large language models LLMs become integrated into sensitive workflows, concerns grow over their potential to leak confidential information. We propose TrojanStego, a novel threat model in which an adversary fine-tunes an LLM to embed sensitive context information into natural-looking outputs v...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

Online Voting Using Point to MultiPoint Quantum Key Distribution Via Passive Optical Networks

We propose using Point-to-Multipoint quantum key distribution QKD via time division multiplexing TDM and wavelength division multiplexing WDM in passive optical networks PON to improve the security of online voting systems...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.8 views

Evaluating AI Cyber Capabilities with Crowdsourced Elicitation

As AI systems become increasingly capable, understanding their offensive cyber potential is critical for informed governance and responsible deployment. However, it's hard to accurately bound their capabilities, and some prior evaluations dramatically underestimated them. The art of extracting...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.5 views

Uncovering Black-Hat SEO Based Fake E-Commerce Scam Groups from Their Redirectors and Websites

While law enforcements agencies and cybercrime researchers are working hard, fake E-commerce scam is still a big threat to Internet users. One of the major techniques to victimize users is luring them by black-hat search-engine-optimization SEO; making search engines display their lure pages as i...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.8 views

A Hitchhiker'S Guide to Privacy-Preserving Cryptocurrencies: a Survey on Anonymity, Confidentiality, and Auditability

Cryptocurrencies and central bank digital currencies CBDCs are reshaping the monetary landscape, offering transparency and efficiency while raising critical concerns about user privacy and regulatory compliance. This survey provides a comprehensive and technically grounded overview of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

System Prompt Extraction Attacks and Defenses in Large Language Models

The system prompt in Large Language Models LLMs plays a pivotal role in guiding model behavior and response generation. Often containing private configuration details, user roles, and operational instructions, the system prompt has become an emerging attack target. Recent studies have shown that...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.4 views

IRCopilot: Automated Incident Response with Large Language Models

Incident response plays a pivotal role in mitigating the impact of cyber attacks. In recent years, the intensity and complexity of global cyber threats have grown significantly, making it increasingly challenging for traditional threat detection and incident response methods to operate effectivel...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.4 views

Backdoors in DRL: Four Environments Focusing on In-Distribution Triggers

Backdoor attacks, or trojans, pose a security risk by concealing undesirable behavior in deep neural network models. Open-source neural networks are downloaded from the internet daily, possibly containing backdoors, and third-party model developers are common. To advance research on backdoor atta...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.7 views

Grassroots Consensus

Grassroots platforms aim to offer an egalitarian alternative to global platforms -- centralized/autocratic and decentralized/plutocratic alike. Within the grassroots architecture, consensus is needed to realize platforms that employ digital social contracts, which are like smart contracts except...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.6 views

The Feasibility of Topic-Based Watermarking on Academic Peer Reviews

Large language models LLMs are increasingly integrated into academic workflows, with many conferences and journals permitting their use for tasks such as language refinement and literature summarization. However, their use in peer review remains prohibited due to concerns around confidentiality...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/27 12:0 a.m.5 views

Multi-Photon QKD for Practical Quantum Networks

Quantum key distribution QKD will most likely be an integral part of any practical quantum network in the future. However, not all QKD protocols can be used in today's networks because of the lack of single-photon emitters and noisy intermediate quantum hardware. Attenuated-photon transmission,...

6.7AI score
Exploits0
Total number of security vulnerabilities6907